Force TLS 1.2 on Fetch?

A quick Q, I am fetching from a worker a site that breaks when you request using TLS 1.3. Unfortunately resolving this problem with the origin is not an option, is it possible to force fetch from a worker to use TLS 1.2?


I know you essentially stated that the origin is off limits, however, just by turning off TLSv1.3 in the dash & setting TLSv1.2 as the de facto http encryption proto would solve your problem. If not, I know there’s an example script that could be modified to function as you want:

async function handleRequest(request) {
  try {
    const tlsVersion =;

    // Allow only TLS versions 1.2 and 1.3
    if (tlsVersion !== 'TLSv1.2' && tlsVersion !== 'TLSv1.3') {
      return new Response('Please use TLS version 1.2 or higher.', {
        status: 403,

    return fetch(request);
  } catch (err) {
    console.error(' does not exist in the previewer, only in production');
    return new Response('Error in workers script' + err.message, {
      status: 500,

addEventListener('fetch', event => {

which can be found here:

You cannot control the TLS version of sub-requests. Cloudflare will choose the highest version supported by both the client and server. If the server does not work with TLSv1.3 then it should not advertise support for it.


Ah, that’s a pain. Thanks though.

That’s kinda what I said in my first half of my response.

Those settings and that script is for Client → Cloudflare. OP is asking about Workers sub-requests which are Cloudflare → Server.


This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.